Devise password check

Question

I use Devise gem for authentication. How can I check if the password submitted in params array is valid?

I try to compare the value of user.encrypted_password with BCrypt::Password.create('password') but the hash values are different.

May be I need something like salt value?

railscard · Accepted Answer · 2013-07-05T23:36:52.923

43

Just use devise's valid_password? method, for example:

user.valid_password?('password123')

edited Jul 05 '13 at 23:36

answered Jul 05 '13 at 23:31

railscard

score 1 · Answer 2 · edited May 23 '17 at 10:29

1

From Devise Wiki:

You can use the official solution present on the devise wiki:

user = User.find_for_authentication(email: params[:email])
user.valid_password?(params[:password])

edited May 23 '17 at 10:29

Community

answered Feb 04 '17 at 22:45

Sheharyar